"UsePrivilegeSeparation no" is useful for running sshd without privileges

Spencer Baugh sbaugh at catern.com
Tue Feb 8 06:13:43 AEDT 2022


Hi OpenSSH developers,

"UsePrivilegeSeparation no" causes sshd to not use setuid when starting
up.  This is useful for running sshd without any privileges in the first
place.  That is, running sshd as an unprivileged user, rather than as
root.

There are a number of uses for this.  In particular, I do this as part
of a test suite, where I run sshd to test some code which uses the SSH
protocol.  Requiring root to run my test suite is quite undesirable.

UsePrivilegeSeparation is currently deprecated, and prints a warning
message when used.

I suggest that UsePrivilegeSeparation should be explicitly supported for
running sshd as non-root.  Perhaps "UsePrivilegeSeparation no" should
not print a warning message when sshd is running as non-root; or perhaps
there should be a "UsePrivilegeSeparation unprivileged" which causes
sshd to abort if it's running as root.  Or perhaps something else
entirely; in any case, I hope UsePrivilegeSeparation is not removed,
since it is useful for this purpose.

Thanks!
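The test-suite setup described in the message above could look like the following sketch. It is an added example, not part of the original post and not OpenSSH project code; the function names, port and directory layout are assumptions, and the `UsePrivilegeSeparation no` line is the one the post says currently prints a deprecation warning.

```shell
#!/bin/sh
# Added example: test-fixture helpers for an sshd that never holds root.
# Function names, port and directory layout are hypothetical.

# Succeed only for a non-root uid, mirroring the post's "abort if running
# as root" idea. An explicit uid argument is accepted so it can be tested.
require_unprivileged() {
    uid="${1:-$(id -u)}"
    if [ "$uid" -eq 0 ]; then
        echo "refusing to start test sshd as root" >&2
        return 1
    fi
}

# Write a self-contained sshd_config under DIR (absolute path), bound to
# loopback on PORT so the fixture is not reachable from other hosts.
write_unpriv_sshd_config() {
    dir="$1"; port="$2"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/sshd_config" <<EOF
Port $port
ListenAddress 127.0.0.1
HostKey $dir/ssh_host_ed25519_key
PidFile $dir/sshd.pid
AuthorizedKeysFile $dir/authorized_keys
PasswordAuthentication no
UsePrivilegeSeparation no
EOF
}

# Create a throwaway host key, start sshd in the background, print its pid.
start_unpriv_sshd() {
    dir="$1"; port="$2"
    require_unprivileged || return 1
    write_unpriv_sshd_config "$dir" "$port" || return 1
    [ -f "$dir/ssh_host_ed25519_key" ] ||
        ssh-keygen -q -t ed25519 -N '' -f "$dir/ssh_host_ed25519_key" || return 1
    # sshd has to be invoked by absolute path; it may not be on a user's PATH.
    sshd_bin="$(command -v sshd)" || return 1
    "$sshd_bin" -f "$dir/sshd_config" -D -e >/dev/null 2>"$dir/sshd.log" &
    echo $!
}
```

A test harness would call `start_unpriv_sshd "$(mktemp -d)/fixture" 2222`, place the test client's public key in `authorized_keys` under that directory, and kill the returned pid on teardown.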

